<?php

    $con = mysql_connect("atomi.db.8753367.hostedresource.com","atomi","v0yV10laSFqeS");
    if (!$con) {
        die('Could not connect: ' . mysql_error());
    }
    
    mysql_select_db("atomi", $con);
    
    $uid = $_GET['uid'];
    $wid = $_GET['wid'];
    $com = $_GET['com'];
    $px = $_GET['px'];
    $py = $_GET['py'];
        // Escape User Input to help prevent SQL Injection
    $uid = mysql_real_escape_string($uid);
    $wid = mysql_real_escape_string($wid);
    $com = mysql_real_escape_string($com);
    $px = mysql_real_escape_string($px);
    $py = mysql_real_escape_string($py);
    $query = "INSERT INTO comments (uid, wid, comment, position_x, position_y) VALUES('$uid', '$wid', '$com', '$px', '$py')";
    
    $qry_result = mysql_query($query) or die(mysql_error());

?>
